After Snowden, what's changed (and what hasn't)

Despite good guidance from feds, defense contractors still feel vulnerable to cyber-threats post-Snowden.

What: An independent survey of more than 100 U.S. defense contractors composed of IT and security administrators with top-tier access to either confidential, secret or top-secret information. The survey was commissioned by ThreatTrack Security, a Florida-based firm that specializes in helping organizations identify and stop advanced persistent threats (APTs) and targeted cyberattacks. The study was conducted by Opinion Matters, a market research company.

Why: The survey was done to ascertain what impact the disclosures by former National Security Agency contractor Edward Snowden have had on high-ranking IT officials employed by defense contractors.

The survey sheds light on how disruptive Snowden’s disclosures have been. Seventy-five percent of respondents said their companies’ cybersecurity practices were altered in at least one of the following ways:

  • 55 percent say their employees now receive more cybersecurity awareness training
  • 52 percent have reviewed or re-evaluated employee data access privileges
  • 47 percent are on higher alert for anomalous network activity by employees
  • 41 percent have implemented stricter hiring practices
  • 39 percent say their own IT administrative rights have been restricted

Several of the survey’s findings are particularly enlightening. Among them, 27 percent of respondents did not hold proper clearances to view secret, top-secret or confidential information yet were able to view that information anyway. That statistic parallels the case of Snowden, a systems administrator who was able to access information that should have been outside his clearance to see.

However, 88 percent of respondents reported a "high level of confidence" in government guidance regarding the protection of sensitive data. Despite that confidence, 62 percent still reported that they were concerned with their companies’ vulnerabilities to APTs, targeted malware attacks and sophisticated cybercrime and cyber-espionage tactics.

Respondents were particularly troubled by malware, citing high-volume and sophisticated malware attacks as major threats to defend against. Defense contractor IT managers revealed that a device used by members of their senior leadership team became infected with malware due to executives:

  • Visiting a pornographic website (13 percent) – compared with 40 percent in other enterprises.
  • Clicking on a malicious link in a phishing email (40 percent) – compared with 56 percent in other enterprises.
  • Allowing a family member to use a company-owned device (14 percent) – compared with 45 percent in other enterprises.

Verbatim: "[Forty-four] percent of respondents said they have access to networks and databases that store confidential information. Of those, 27.3 percent have no security clearance at all, which raises a red flag. This means that like Snowden, they may have broad IT administrative privileges but without the proper security clearance. Regardless of what security clearances you have, access to privileged information ultimately may be the greatest risk for defense contractors looking to avoid another Snowden-like event. Further review of IT access privileges, therefore, may be in order."